package sf01.studentmngmsystem.interceptor;

import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

@Component
public class AuthInterceptor implements HandlerInterceptor {
    
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String uri = request.getRequestURI();
        
        // 不需要权限验证的路径
        if (uri.equals("/") || uri.equals("/index") || 
            uri.startsWith("/teacher/login") || uri.startsWith("/login") ||
            uri.startsWith("/css/") || uri.startsWith("/js/") || uri.startsWith("/images/")) {
            return true;
        }
        
        HttpSession session = request.getSession();
        
        // 检查学生管理相关页面的权限
        if (uri.startsWith("/students") || uri.startsWith("/api/students")) {
            if (session.getAttribute("teacher") == null) {
                response.sendRedirect("/teacher/login");
                return false;
            }
        }
        
        return true;
    }
}